Forensic Software

[Blaster.Master]

cool!!!

[Blaster.Master]

But what about windows washer???

[professorX]

Fast File Undelete is a sweet lil program i have used to undelete files before. "hint look for the serial on google then download the trial verision"an enjoy...Not that I do that. A friend mentioned that...lol

[evilbagpuss]

There's a program called "Encase" which is what Gvt agencies use to recover files.

You can find it on kazaa if your lucky or the emule network if you dont mind the slow download speed.

[2nd gen noob]

Originally posted by evilbagpuss@5 July 2003 - 00:59
There's a program called "Encase" which is what Gvt agencies use to recover files.

You can find it on kazaa if your lucky or the emule network if you dont mind the slow download speed.

is there an echo in here?

[VB]

Agencies such as FBI and CIA use special programs the erase data. Those programs overwrite data with bogus data 7 times or more.

[evilbagpuss]

Originally posted by 2nd gen noob+--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (2nd gen noob)</td></tr><tr><td id='QUOTE'>is there an echo in here?[/b]

Point taken That&#39;ll teach me to scan through threads quickly.

In my defence at least I might have stopped people searching kazaa for hours instead of using emule

<!--QuoteBegin-Paul
Those programs overwrite data with bogus data 7 times or more. [/quote]

Thats nowhere near enough these days, not if you expect them to use hardware techniques such as MFM.

If your HD uses an RLL encoding scheme created prior to 1995 use a 35 pass gutmann wipe, if it uses an RLL encoding scheme post 1995 you&#39;d probably be better off using a 30-40 pass &#39;plain&#39; pseudorandom wipe. Dariks boot and nuke disk is probably the best as it offers concurrent wiping with >1 drive.

You also need to make sure that write behind caching is disabled on the drive in question. If your using win2k make sure you have SP4 (or SP3 at the very least) installed as win2k with SP2 or less doesnt disable it even though it says it does. I&#39;ve heard that some drives refuse to disable it under any circumstances but I havent been able to verify this.

Even after all that I still think they could recover a few bits and bobs and maybe more with enough time, money and expertise. It&#39;s similar to hitting a piece of metal with a hammer on one side then turning it over, hitting it a few more times and expecting it to be perfectly flat again. i.e virtually impossible.

I hope no ones posted all that in this thread already

[Gooch2k]

I think the best way to get rid of any incriminating evidence is to smash your hard drive to hell with a hammer. Better to lose a hard drive than to lose a court case&#33;

[2nd gen noob]

Originally posted by Gooch2k@5 July 2003 - 08:01
I think the best way to get rid of any incriminating evidence is to smash your hard drive to hell with a hammer. Better to lose a hard drive than to lose a court case&#33;

this sounds a bit high tech for me.

can you give a link to a tutorial or something?

[Gooch2k]

Seriously though. I find Evidence Eliminator a very useful program for getting rid of files, registry values and such. It&#39;s got a 30 day trial so it&#39;s worth taking a look at.